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REMARKS 

Upon entry of this amendment, Claims 15-47 will be pending in this 
application. In view of the foregoing amendments and tjhe following 
remarks, applicant respectfully requests consideration if the new 
5 Claims. i 



New Claims 15-47 are not anticipated or made obvious by, and further 

i 

differentiate the claimed invention over the prior art Of record. The 
biggest difference between the current invention and all lathers is that the 
10 user authentication data is used to form the key that is iised to encrypt 
all data whereas, all other inventions use the encrypted Authentication 
data for subsequent authentication. Elements that contribute to the 
Claims' novelty include* but are not limited to, the following. 

Claim 15 recites the delivery of the encrypt/ decrypt engine via a web 

15 page, encryption independent from the identity of the cliint/ Ross 

I 

requires dependence on the identity of the physical client. In the current 

! 
I 

invention, the encryption key is derived from the user of jthe client and 

i ' 

not the physical client. 

Claim 16 recites that the encryption key in the current iiivention is 

20 entered by the user and is independent of the identity of jthe physical 
; j 

client. Because there may be the possibility to confuse tljie physical 

i • ■ 

1616 | 
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i 

client identity and the user client identity, clarification has been made 
herein. It is quite clear from Pig. 8 that the invention hlas always been 
with, respect to the user of the client and not the physicjal client itself. 

Claim 17 recites delivery of stored data responsive to cojmpletion of a 
5 processing step. 

Claim 18 recites storage of encrypted data followed by djeliveiy of the 

j 

stored data responsive to a request from either the original client or 
another client. j 

Claim 19 recites lower limits . on the number of times a kjey must be 

10 transmitted. The crux of the invention is embodied herein, in that a de 
■'*•'■■* .j 

facto authentication takes place, because while the authentication 

i 

information is not sent, the server can determine exactly! the source of 
the data if and only if it can in fact decrypt the data. No! prior art can be 
found where the authentication is tied explicitly to the ability to decrypt 
15 an encrypted text and not to a comparison of user identification tokens 
(username and password for example). Consequently, thle shared key is 
only sent to. the server one time and may never be sent t4 the client. 

Laursen et al, . (6,065, 120} have a similar strategy, but irj fact they utilize 
information about the user base on the client. The authentication and 
. 20 subsequently the encryption/decryption is tied to whethdr the user can 
identify themselves based on information that is transmitted. 



PAGE 2693 ■ RCVD AT 12/24/2003 11:50:34 AM [Eastern Standard Hmel * SVR:USPTO-EFXRF.1/0 4 DN1S:8729306 ' CSID:2505493751 1 DURATION (mnws):11-34 



12/24/2003 09:17 2505493751 



ULTRA INFO SYSTEMS 



PAGE 27 



Additionally, they explicitly state that the invention that we have here is 
excluded intentionally by their invention (page 3, line lj. Our invention, 
renders the usernarne and password strong and is thus diametrically 
opposite to what they have invented. 

5 Bodnar (6,061,790) proposes a system wherein two different keys are 
required for logging in and transmitting data. Additionally, Bodnar 
• . requires the client (page 10, last paragraph) to make u^e of client 
hardware to generate the encryption key. It would not be a trivial 
exercise to get our invention from this patent. Again, Bbdner is 
10 concerned only with the transmission of ones own transmissions. We 
, are of the opinion that it would be impossible to utilize Bodnar to send 
and receive email without the use of public/ private key ij>airs that would 

• ' ■ i 

• j 

need to be distributed. Also, it is clear from both Bodnet and Ross, that 
identifying information on the server is used to authenticate and thus 
15 initiate the session (Bodher page 10 line 10, for example)! 

Claim 22 recites an encrypt/ decrypt engine configured tp operated 

independently of the identity of the physical client. j 

j 

Claim 23 recites decryption and re-encryption of the dat4 using a key of 

"... i 

. the server. I 
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Claim 24 recites encryption of data for delivery responsive to the 
completion of a processing step. The encryption using the shared key or 
another shared key. Delivery may be to the client or anjother client. 

Claim 25 is similar to Claim 24 except that operation isj responsive to a 
5 request for the data. 

Claims 25 and 26 include two possibilities for the sourcb of a request for 
data, | 

Claim 28 recites the restriction of storage, of all data entered by the user 
on the client, to storage in encrypted form. Claim 28 al^o recites use of a 
10 key entered by the user for encryption. 

Claim 29 recites use of a symmetric key. I 

Claim 31 is a method claim reciting use of a web page to; deliver the 
encrypt/ decrypt engine and reciting use of a shared key jentered by a 
user. > 

15 Claims 32-36 include various methods of processing thejdata receive at 
the server. 

i 

Claims 37-4 1 recites a computer-readable medium compjrising program 
instructions. The program instructions may execute methods of the 
invention possibly using the systems of the invention, 1 
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Claim 43 is a method claim including encryption of datk independently of 
an identity of the physical client using a shared key entiered by a user. 
Here it must be explicitly understood that the client is tjhe device that 
communicates with a server, whereas, the user is the actual entity 
causing the client to perform work. Claim 43 clarifies the novelty 
because the user is not tied to a specific client and, the lencryption and 
data delivery is tied to the user and not the physical client. 



Claim 44- 47 include further details of the step of processing data 
decrypted at the server. j 



i 
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.10 



15 



20 



Conclusion 

In specifying the invention, the Applicant has reviewed the prior art of 
Krajewski (5,590,199), Linehan (5,495,533), Diffie et al (5,371,794), 
Wobber et al (5,235,642), Lennon et al (4,193,131), Barnes et al 

(5,970,475), Smithies et,al (6,091,835), Ross (5,812,671) and others. 
None of these would preclude the current invention fronji being allowed. 

The Applicant respectfully request a Notice of Allowability. If the 
Examiner has questions regarding the case, the Examiner is invited to 

contact Applicant's undersigned representative at the niimber given 

i 

below. 

Dated: September 2, 2003 



Lynn D. SPraggs, Ph.D. 

Ultra Information System^ Inc. 

2179 11* Ave. j 

Vernon BC Canada 

V1T8V7 ! 

Tel: (250) 542-0112 

Fax: (250) 549-3751 

Email: lspraggs@uisameriba.com 
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10 



Appendix showing changes to the Specification. 
Replace the paragraph beginning on page 6 line 14 with: 

Referring now to FIG* 1, a schematic diagram illustrates a senrer 
100 used to receive encrypted data from a sending client computer 102 
and transmit encrypted data to a receiving client computer 104 through 
the Internet 106 using shared private keys. The sendinjg client 102 and 
receiving client 104 share., their own private key with th^ server 100, but 
do not share their private keys with anyone else. 



Replace the paragraph beginning on page 8 line 6 with: j 

FIG. 5 is a block diagram of one embodiment of the non-volatile 
memoty module 404 located within the clients 102, 104lof PIG. 4, The 
non-volatile memory 406 includes an encrypt/decrypt engine 502 for 

.15 encrypting and decrypting data. The encrypt/ decrypt engine 502 can 
also be stored in RAM 404. Excellent results can be obtained when the 
encrypt/ decrypt engine is served up as a Java™ applet tb the clients 
102, 104. The Java™ applet can be served up with a web page. In 
another form, the encrypt/.decxypt engine can be sent tojthe clients 102, 

20 104, and then stored on their hard drive, frfae Javo™ qpfriet can bo 

served up with a web pqge.from an e mail pent to the cli e tito 102, 101, 
and then - stor e d on th e ir hard driv e . 
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10 



20 



Replace the paragraph beginning on page 10 line 3 with: 

FIG. 8 is a flowchart of a method illustrating ho\^ a user having a 
shared private key passes secure data through a server computer over 
the Internet. This method is very similar to the process described in 
FIGS. 6 and 7, The process begins at step 800. A elie^us^having a 
private key shared with the server establishes a session 1 over the Internet 
with the server by requesting a web page at step 802 usling a suitable . 

i 

client. At step 804 the server sends a web page form frrim the web page 
forms database 310 to the client. Next at step 806 the £4ie**t-user enters 
data into the web page along with his private key shared with the server. 
At step 808 the data is encrypted with the encrypt/ decrypt engine at the 
client computer using the user's private key and then thje encrypted data 
is sent to the server. It is explicitly shown at step 808 thkt the user's 
private k ey is the user's personal authentication data. The encryption 



15 key is formed from the authentication data. Subsequent^ the 



authentic ation data is NOT sent to the server and it is Nt)T used for 
authentication per sc except in so far as both client and Server are able 



to encrypt and decrypt the data using the same key. 



Replace the paragraph beginning on page 10 line 20 with: 

After the processing step is completed at step 814 the server 

i 

encrypts the processed data using the cli e nt's user's private key that is 
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stored in the user private keys database 304 and sends the encrypted 
data to the client. It is not necessary for the client to be the same client 
that began the process at step 802. The server can be iised as an 
intermediary for passing and processing secure data between clients. 

5 

Replace the paragraph beginning on page 1 1 line 4 witti: 

At step 816, the client receives the secure data arid the user enters 
their private key. At step 8 18 the encrypted processed <iata is decrypted 
with the cliont'o user's private key, which is now available to the client . 
10 using the encrypt/ decrypt engine 502. At step 820 the blient can access 

the dat a or the user can view the data , and at step 822 the process ends. I 
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